The present invention relates to a method and system for connecting a controller for a machine to a higher-level IT system.
When using controllers in production, connection of the controllers to a higher-level IT system is becoming increasingly important. Higher-level IT systems include Manufacturing Execution Systems (MES), control rooms, SCADA (Supervisory Control and Data Acquisition) or MRO (Maintenance, Repair and Overhaul) systems. This integration into an overall system has hitherto been implemented on a project basis. IT security aspects have only been considered to a limited extent. It is only since the appearance of the Stuxnet computer virus that security has also become an issue in automation and production engineering. The security of today's conventional solutions is coming under ever greater scrutiny.
The prior art is illustrated in FIG. 1 in which the controllers A, B, C and D are used for open- or closed-loop control of machines or plants. These are, for example, programmable logic controllers, machine tool controls, production machine controls, etc. The controllers A to D can be of identical or different design, in particular also for different applications, and also come from different manufacturers. The individual controllers are intended to be accessed by a higher-level IT system, e.g. to control or monitor a production facility. For this purpose the higher-level IT system has the interfaces IntA, IntB, IntC and IntD. Said higher-level IT system accesses the network interface NI of a controller via the standard network protocols using the typical communication mechanisms such as DCOM, socket, http, https, etc. The network interface NI is a (standardized) interface which can be interrogated for the predefined information. Different universal standards such as OPC or OPC UA exist, but also company-specific or user-group-specific interfaces. The higher-level IT system controls access to the network interfaces NI and, for example, reads data from the controllers A to D via said interfaces, as indicated by the arrows.
This procedure has the following prerequisites:
- All the controllers must be visible and addressable, i.e. accessible, for the higher-level IT system. From a security perspective, this is a major vulnerability. The controllers thus offer a point of attack and require special protection. Because the network interfaces are public knowledge, the controllers are much easier to attack.
- The higher-level IT system has to coordinate and synchronize the accesses to the controllers. Therefore, "knowledge" of the controllers is necessary at the higher-order IT level. This means that controller-specific implementation of components at IT system level is necessary, resulting in much greater complexity. In addition, functions often have to be adapted to suit the different types of controllers.
- For the controllers this means that in many cases additional third-party software for IT system integration has to be installed. This software is specific to the IT system. This accordingly produces a great multiplicity of potential software components which must be installed on the controllers by an OEM after commissioning. The resulting problems in respect of warranty and stability remain to be resolved.
It would therefore be desirable and advantageous to obviate prior art shortcomings and to provide an improved method and a system for securely connecting at least one controller for a machine to a higher-level IT system.